8 matches found
GHSA-8P2P-P8MG-X3CW Insight API transaction broadcast endpoint can result in Full Path Disclosure
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...
Insight API transaction broadcast endpoint can result in Full Path Disclosure
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...
@joshyzou/sendcrypto (>=1.0.0 <=1.0.2), accept-bitcoin (>=0.0.6 <=0.0.9) +14 more potentially affected by CVE-2018-1000023 via insight-api (=0.4.3)
insight-api NPM version =0.4.3 is affected by a known vulnerability. The following packages have a transitive dependency on insight-api and may be impacted: - @joshyzou/sendcrypto =1.0.0, =0.0.6, =0.0.1, =4.0.0, =1.1.1, =4.1.0, =0.0.1, =4.1.1, =0.5.1, =0.8.7 and more Source cves: CVE-2018-1000023...
Input validation
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...
CVE-2018-1000023
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...
CVE-2018-1000023
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...
CVE-2018-1000023
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...
CVE-2018-1000023
Summary: Bitpay/Insight-api’s Insight-api (versions ≤ 5.0.0) contains a CWE-20 input validation vulnerability in the transaction broadcast endpoint that can disclose full filesystem paths. The issue is described as exploitable via a Web request. The affected product is Bitpay/Insight-api Insight-...